Your search keyword '"data anonymization"' showing total 10 results

1. Theseus Data Synthesis Approach: A Privacy-Preserving Online Data Sharing Service

Author

Yi-Jun Tang and Po-Wen Chi

Subjects

Data anonymization, data synthesis, privacy-preserving data sharing, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the vigorously developed services of cloud computing, it is relatively easier and more convenient for organizations or enterprises to open data on clouds. However, as personal information in electronic data becomes more massive and detailed, how to balance data opening and personal privacy has become a critical issue. In this paper, we propose the Theseus Data Synthesis Approach (TDSA), which generates synthetic data by replacing partial records until no record from the original dataset remains. Unlike other data anonymization works such as k-anonymity and differential privacy, which encountered limitations and challenges when applying to real-world scenarios. In our work, Since there are no real data, personal privacy is definitely preserved. We also analyze the quality and utility of the synthetic dataset and make comparisons with related works. We conclude that with our scheme, opening useful data on clouds and preserving personal privacy can be simultaneously achieved.

Published

2024

2. You Are What You Buy: Personal Information Extraction From Anonymized Data

Author

Thomas Cilloni, Charles Fleming, and Charles Walter

Subjects

Data anonymization, machine learning, privacy, responsible AI, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The exponential growth of data in the information age poses several threats to the privacy and safety of digital service users. Existing legislation, such as the GDPR in Europe and the CCPA in California, defines frameworks and guidelines to promote personal privacy but leaves freedom in the choice of means to achieve privacy. Data anonymization techniques remove information that can be used to identify individuals from the dataset, either through suppression, generalization, anatomization, permutation, or perturbation. Information suppression remains the most common, safe, and widely applicable anonymization method, though at a high data utility cost. In this paper, we argue that even information suppression may not be sufficient in some cases. We study the case of a dataset that describes the shopping habits of a grocery store’s customers. All identifiers and quasi-identifiers are removed from the dataset by suppression. However, by augmenting the data in a novel multi-step, iterative process, and building a neural network enriched with prior knowledge, we show that most sensitive information can be retrieved with an accuracy of 80%.

Published

2024

3. Principle-Based Approach for the De-Identification of Code-Mixed Electronic Health Records

Author

Chen-Kai Wang, Feng-Duo Wang, You-Qian Lee, Pei-Tsz Chen, Bo-Hong Wang, Chu-Hsien Su, Joseph Chin-Chi Kuo, Chi-Shin Wu, Yi-Ling Chien, Hong-Jie Dai, Vincent S. Tseng, and Wen-Lian Hsu

Subjects

Electronic health record, data anonymization, code-mixing, principle, named entity recognition, deep learning, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Code-mixing is a phenomenon where at least two languages are combined in a hybrid manner in the context of a single conversation. The use of mixed language is widespread in multilingual and multicultural countries and poses significant challenges for the development of automated language processing tools. In Taiwan’s electronic health record (EHR) systems, unstructured EHR texts are usually represented in a mixture of English and Chinese which increases the difficulty for de-identification and synthetization of protected health information (PHI). We explored this problem by applying several state-of-the-art pre-trained mono- and multilingual language models and propose to exploit the principle-based approach (PBA) for the tasks of PHI recognition and resynthesis on a code-mixed EHR corpus annotated with 6 main categories and 25 subcategories of PHIs. A hierarchical principle slot schema is defined in the PBA to encode knowledge of code-mixed PHIs and utilize slots to learn from the training set to assemble principles for recognizing PHI mentions and synthesizing surrogates simultaneously. In addition, a semantic disambiguation process is implemented to disambiguate ambiguous PHI categories in the de-identification process and to dynamically extend the knowledge encoded in PBA during the knowledge augmentation process. The experiment results demonstrate that the proposed method can achieve the best micro- and macro-F-scores in comparison to the other mono- and multilingual language models fine-tuned on our code-mixed corpus.

Published

2022

4. Finding the Sweet Spot for Data Anonymization: A Mechanism Design Perspective

Author

Abdelrahman Eldosouky, Tapadhir Das, Anuraag Kotra, and Shamik Sengupta

Subjects

Contract theory, data anonymization, game theory, k-anonymity, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Data sharing between different organizations is an essential process in today’s connected world. However, recently there were many concerns about data sharing as sharing sensitive information can jeopardize users’ privacy. To preserve privacy, organizations use anonymization techniques to conceal users’ sensitive data. However, these techniques are vulnerable to de-anonymization attacks which aim to identify individual records within a dataset. In this paper, a two-tier mathematical framework is proposed for analyzing and mitigating the de-anonymization attacks, by studying the interactions between sharing organizations, a data collector, and an attacker. In the first level, a game-theoretic model is proposed to enable sharing organizations to optimally select their anonymization levels for k-anonymization under two potential attacks: background-knowledge attack and homogeneity attack. In the second level, a contract-theoretic model is proposed to enable the data collector to optimally reward the organizations for their data. The formulated problems are studied under single-time sharing and repeated sharing scenarios. Different Nash equilibria for the proposed game and the optimal solution of the contract-based problem are analytically derived for both scenarios. Simulation results show that the organizations can optimally select their anonymization levels, while the data collector can benefit from incentivizing the organizations to share their data.

Published

2022

5. A Survey on Privacy Properties for Data Publishing of Relational Data

Author

Athanasios Zigomitros, Fran Casino, Agusti Solanas, and Constantinos Patsakis

Subjects

Data anonymization, privacy preserving data publishing, data protection, k-anonymity, privacy, review, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Recent advances in telecommunications and database systems have allowed the scientific community to efficiently mine vast amounts of information worldwide and to extract new knowledge by discovering hidden patterns and correlations. Nevertheless, all this shared information can be used to invade the privacy of individuals through the use of fusion and mining techniques. Simply removing direct identifiers such as name, SSN, or phone number is not anymore sufficient to prevent against these practices. In numerous cases, other fields, like gender, date of birth and/or zipcode, can be used to re-identify individuals and to expose their sensitive details, e.g. their medical conditions, financial statuses and transactions, or even their private connections. The scope of this work is to provide an in-depth overview of the current state of the art in Privacy-Preserving Data Publishing (PPDP) for relational data. To counter information leakage, a number of data anonymisation methods have been proposed during the past few years, including $k$ -anonymity, $\ell $ -diversity, $t$ -closeness, to name a few. In this study we analyse these methods providing concrete examples not only to explain how each of them works, but also to facilitate the reader to understand the different usage scenarios in which each of them can be applied. Furthermore, we detail several attacks along with their possible countermeasures, and we discuss open questions and future research directions.

Published

2020

6. Anonymization Techniques for Privacy Preserving Data Publishing: A Comprehensive Survey

Author

Abdul Majeed and Sungchang Lee

Subjects

Information privacy, General Computer Science, Computer science, Relational database, Data_MISCELLANEOUS, 02 engineering and technology, Data publishing, graphs data, privacy, Field (computer science), Data modeling, anonymization, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Electrical and Electronic Engineering, Private information retrieval, Information retrieval, Data anonymization, Privacy preserving data publishing, General Engineering, Service provider, utility, 020201 artificial intelligence & image processing, relational data, lcsh:Electrical engineering. Electronics. Nuclear engineering, lcsh:TK1-9971

Abstract

Anonymization is a practical solution for preserving user’s privacy in data publishing. Data owners such as hospitals, banks, social network (SN) service providers, and insurance companies anonymize their user’s data before publishing it to protect the privacy of users whereas anonymous data remains useful for legitimate information consumers. Many anonymization models, algorithms, frameworks, and prototypes have been proposed/developed for privacy preserving data publishing (PPDP). These models/algorithms anonymize users’ data which is mainly in the form of tables or graphs depending upon the data owners. It is of paramount importance to provide good perspectives of the whole information privacy area involving both tabular and SN data, and recent anonymization researches. In this paper, we presents a comprehensive survey about SN (i.e., graphs) and relational (i.e., tabular) data anonymization techniques used in the PPDP. We systematically categorize the existing anonymization techniques into relational and structural anonymization, and present an up to date thorough review on existing anonymization techniques and metrics used for their evaluation. Our aim is to provide deeper insights about the PPDP problem involving both graphs and tabular data, possible attacks that can be launched on the sanitized published data, different actors involved in the anonymization scenario, and major differences in amount of private information contained in graphs and relational data, respectively. We present various representative anonymization methods that have been proposed to solve privacy problems in application-specific scenarios of the SNs. Furthermore, we highlight the user’s re-identification methods used by malevolent adversaries to re-identify people uniquely from the privacy preserved published data. Additionally, we discuss the challenges of anonymizing both graphs and tabular data, and elaborate promising research directions. To the best of our knowledge, this is the first work to systematically cover recent PPDP techniques involving both SN and relational data, and it provides a solid foundation for future studies in the PPDP field.

Published

2021

7. Data Anonymization Using Pseudonym System to Preserve Data Privacy

Author

Shukor Abd Razak, Nur Hafizah Mohd Nazari, and Arafat Al-Dhaqm

Subjects

Information privacy, Authentication, Spoofing attack, General Computer Science, Data anonymization, Computer science, business.industry, General Engineering, pseudonym, palm vein, Cloud computing, unlinkability, Computer security, computer.software_genre, Unique identifier, Digital Data Storage, Data access, anonimous, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971, data preserving

Abstract

Data collection and storage in a large size is done on a routine basis in any company or organization. To this end, wireless network infrastructure and cloud computing are two widely-used tools. With the use of such services, less time is needed to attain the required output, and also managing the jobs will be simpler for users. General services employ a unique identifier for the aim of storing data in a digital database. However, it may be associated with some limitations and challenges. There is a link between the unique identifier and the data holder, e.g., name, address, Identity card number, etc. Attackers can manipulate a unique identifier for stealing the whole data. To get the data needed, attackers may even eavesdrop or guess. It results in lack of data privacy protection. As a result, it is necessary to take into consideration the data privacy issues in any data digital data storage. With the use of current services, there is a high possibility of exposure and leak of data/information to an unauthorized party during their transfer process. In addition, attacks may take place against services; for instance spoofing attacks, forgery attacks, etc. in the course of information transaction. To address such risks, this paper suggests the use of a biometric authentication method by means of a palm vein during the authentication process. Furthermore, a pseudonym creation technique is adopted to make the database record anonymous, which can make sure the data is properly protected. This way, any unauthorized party cannot gain access to data/information. The proposed system can resolve the information leaked, the user true identity is never revealed to others.

Published

2020

8. A Framework for Privacy-Preserving Multi-Party Skyline Query Based on Homomorphic Encryption

Author

Mahboob Qaosar, Kazi Md. Rokibul Alam, Asif Zaman, Chen Li, Saleh Ahmed, Md. Anisuzzaman Siddique, and Yasuhiko Morimoto

Subjects

Information privacy, General Computer Science, Computer science, Computation, Paillier cryptosystem, homomorphic encryption, 02 engineering and technology, multi-party computation, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Data mining, Skyline, data privacy, Thesaurus (information retrieval), Information retrieval, Data anonymization, General Engineering, InformationSystems_DATABASEMANAGEMENT, Homomorphic encryption, 020206 networking & telecommunications, Object (computer science), skyline query, Data analysis, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, lcsh:TK1-9971

Abstract

Nowadays, the management and analyses of `big data' are becoming indispensable for numerous organizations all over the world. In many cases, multiple organizations want to perform data analyses on their combined databases. Skyline query is one of the popular operations for selecting representative objects from a large database, where any other object within the database does not dominate each of the representative objects, called `skyline'. Like other data analytics operations, the multi-party skyline query can provide benefits to the participating organizations by retrieving the skyline objects from their combined databases. Such a multi-party skyline query demands the disclosure of individual parties' objects to others during the computation. But, owing to the data privacy and security concern of the present IT era, such disclosure of the individual parties' databases is strictly prohibited. Considering this issue, we are proposing a new framework for the privacy-preserving multi-party skyline query, exploiting additive homomorphic encryption along with data anonymization, perturbation, and randomization techniques. The underlying protocols within our proposed framework ensure that every participating party can identify its multi-party skyline objects without revealing the objects to others during the multi-party skyline query. The detailed privacy and security analyses show that the proposed framework can achieve the desired computation goal without privacy leakage. Besides, the performance evaluation through complexity analyses, extensive simulations, and comprehensive comparison also demonstrate the utility and the efficiency of the proposed framework.

Published

2019

9. Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions

Author

Mehmet A. Orgun, Imran Rashid, Xiaodong Yang, Muneeb Ahmed Sahi, Waseem Iqbal, Abdelouahid Derhab, Asif Yaseen, Haider Abbas, and Kashif Saleem

Subjects

Information privacy, anonymity, General Computer Science, Data anonymization, business.industry, Internet privacy, General Engineering, access control, 020206 networking & telecommunications, Access control, 02 engineering and technology, privacy, Identity management, Electronic mail, e-Healthcare, Accountability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Pseudonymization, lcsh:TK1-9971, Protected health information

Abstract

e-Healthcare promises to be the next big wave in healthcare. It offers all the advantages and benefits imaginable by both the patient and the user. However, current e-Healthcare systems are not yet fully developed and mature, and thus lack the degree of confidentiality, integrity, privacy, and user trust necessary to be widely implemented. Two primary aspects of any operational healthcare enterprise are the quality of healthcare services and patient trust over the healthcare enterprise. Trust is intertwined with issues like confidentiality, integrity, accountability, authenticity, identity, and data management, to name a few. Privacy remains one of the biggest obstacles to ensuring the success of e-Healthcare solutions in winning patient trust as it indirectly covers most security concerns. Addressing privacy concerns requires addressing security issues like access control, authentication, non-repudiation, and accountability, without which end-to-end privacy cannot be ensured. Achieving privacy from the point of data collection in wireless sensor networks, to incorporating the Internet of Things, to communication links, and to data storage and access, is a huge undertaking and requires extensive work. Privacy requirements are further compounded by the fact that the data handled in an enterprise are of an extremely personal and private nature, and its mismanagement, either intentionally or unintentionally, could seriously hurt both the patient and future prospects of an e-Healthcare enterprise. Research carried out in order to address privacy concerns is not homogenous in nature. It focuses on the failure of certain parts of the e-Healthcare enterprise to fully address all aspects of privacy. In the middle of this ongoing research and implementation, a gradual shift has occurred, moving e-Healthcare enterprise controls away from an organizational level toward the level of patients. This is intended to give patients more control and authority over decision making regarding their protected health information/electronic health record. A lot of works and efforts are necessary in order to better assess the feasibility of this major shift in e-Healthcare enterprises. Existing research can be naturally divided on the basis of techniques used. These include data anonymization/pseudonymization and access control mechanisms primarily for stored data privacy. This, however, results in giving a back seat to certain privacy requirements (accountability, integrity, non-repudiation, and identity management). This paper reviews research carried out in this regard and explores whether this research offers any possible solutions to either patient privacy requirements for e-Healthcare or possibilities for addressing the (technical as well as psychological) privacy concerns of the users.

Published

2018

10. A Survey on Privacy Properties for Data Publishing of Relational Data

Author

Constantinos Patsakis, Athanasios Zigomitros, Fran Casino, and Agusti Solanas

Subjects

Information privacy, data protection, General Computer Science, Relational database, Closeness, General Engineering, review, k-anonymity, 02 engineering and technology, Data publishing, privacy, Data science, Identifier, Phone, 020204 information systems, Data anonymization, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, Electrical and Electronic Engineering, privacy preserving data publishing, lcsh:TK1-9971, Anonymity

Abstract

Recent advances in telecommunications and database systems have allowed the scientific community to efficiently mine vast amounts of information worldwide and to extract new knowledge by discovering hidden patterns and correlations. Nevertheless, all this shared information can be used to invade the privacy of individuals through the use of fusion and mining techniques. Simply removing direct identifiers such as name, SSN, or phone number is not anymore sufficient to prevent against these practices. In numerous cases, other fields, like gender, date of birth and/or zipcode, can be used to re-identify individuals and to expose their sensitive details, e.g. their medical conditions, financial statuses and transactions, or even their private connections. The scope of this work is to provide an in-depth overview of the current state of the art in Privacy-Preserving Data Publishing (PPDP) for relational data. To counter information leakage, a number of data anonymisation methods have been proposed during the past few years, including $k$ -anonymity, $\ell $ -diversity, $t$ -closeness, to name a few. In this study we analyse these methods providing concrete examples not only to explain how each of them works, but also to facilitate the reader to understand the different usage scenarios in which each of them can be applied. Furthermore, we detail several attacks along with their possible countermeasures, and we discuss open questions and future research directions.